feat(headscale): add self-hosted Tailscale control server
New module: modules/headscale.nix
- Headscale service listening on localhost with Nginx reverse proxy
- SQLite database (appropriate for personal use)
- Tailscale public DERP relays for NAT traversal fallback
- MagicDNS enabled with Mullvad/Quad9 upstream resolvers
- Optional OIDC authentication (Google, GitHub, etc.)
- Default auth: pre-shared API keys (headscale apikeys create)
- Added to backup paths (SQLite DB)
- headscale CLI tool added to system packages

Configuration:
- Domain: vpn.ashisgreat.xyz
- OIDC disabled by default (documented how to enable in configuration.nix)

To register a device after deploying:
  sudo headscale apikeys create
  tailscale up --login-server=https://vpn.ashisgreat.xyz --authkey=<key>

DNS record needed: vpn.ashisgreat.xyz → VPS IP
parent 2bc375ab86
commit 1c28db5f8e
3 changed files with 170 additions and 0 deletions
@ -11,5 +11,6 @@
|
|||
./backup.nix
|
||||
./adguard.nix
|
||||
./forgejo.nix
|
||||
./headscale.nix
|
||||
];
|
||||
}
|
||||
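Review bot: the added `./headscale.nix` entry in this imports list loads the module on every configuration that pulls in this file, so the module should keep its service, Nginx vhost and backup-path settings behind an enable option that defaults to off, and this hunk alone does not show that it does. If the module is already gated that way, a short comment next to the import, or a line in the commit message naming the option, would make that clear to the next reader. Separately, the registration step in the commit message passes the output of `headscale apikeys create` to `tailscale up --authkey`; that flag takes a pre-auth key (`headscale preauthkeys create`), while API keys authenticate calls to the Headscale API, so the documented step is worth checking before anyone follows it.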